Diffstat (limited to 'libselinux/man')
-rw-r--r--libselinux/man/man3/security_compute_av.34
-rw-r--r--libselinux/man/man3/security_disable.34
-rw-r--r--libselinux/man/man3/security_load_policy.34
-rw-r--r--libselinux/man/man3/selinux_policy_root.317
-rw-r--r--libselinux/man/man8/getenforce.82
-rw-r--r--libselinux/man/man8/selinux.824
-rw-r--r--libselinux/man/man8/selinuxenabled.82
-rw-r--r--libselinux/man/man8/selinuxexeccon.82
-rw-r--r--libselinux/man/man8/setenforce.82
-rw-r--r--libselinux/man/man8/togglesebool.82
10 files changed, 40 insertions, 23 deletions
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
index c6837fc3..de62d264 100644
--- a/libselinux/man/man3/security_compute_av.3
+++ b/libselinux/man/man3/security_compute_av.3
@@ -37,9 +37,9 @@ the SELinux policy database in the kernel
.sp
.BI "int security_compute_user_raw(security_context_t "scon ", const char *" username ", security_context_t **" con );
.sp
-.BI "int security_get_initial_context(const char *" name ", security_context_t " con );
+.BI "int security_get_initial_context(const char *" name ", security_context_t *" con );
.sp
-.BI "int security_get_initial_context_raw(const char *" name ", security_context_t " con );
+.BI "int security_get_initial_context_raw(const char *" name ", security_context_t *" con );
.sp
.BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata);
.sp
diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
index aeb78da2..c75ce0d9 100644
--- a/libselinux/man/man3/security_disable.3
+++ b/libselinux/man/man3/security_disable.3
@@ -17,7 +17,7 @@ and then unmounts
This function can only be called at runtime and prior to the initial policy
load. After the initial policy load, the SELinux kernel code cannot be disabled,
but only placed in "permissive" mode by using
-.BR setenforce (1).
+.BR security_setenforce(3).
.
.SH "RETURN VALUE"
.BR security_disable ()
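Review bot: The added line `.BR security_setenforce(3).` has no space between the function name and the section number, so the macro receives a single argument and sets the whole token, including the trailing period, in bold. The same reference in security_load_policy.3 is written with the space, so the two pages will render differently. Write it as `.BR security_setenforce (3).` here. The SEE ALSO hunk below lists only setenforce(8), so a reader looking for the library call named in this sentence has no cross-reference to it; adding `security_setenforce (3)` there would close that gap.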
@@ -27,4 +27,4 @@ returns zero on success or \-1 on error.
This manual page has been written by Guido Trentalancia <guido@trentalancia.com>
.
.SH "SEE ALSO"
-.BR selinux (8), " setenforce "(3)
+.BR selinux (8), " setenforce "(8)
diff --git a/libselinux/man/man3/security_load_policy.3 b/libselinux/man/man3/security_load_policy.3
index c4439bfe..af561636 100644
--- a/libselinux/man/man3/security_load_policy.3
+++ b/libselinux/man/man3/security_load_policy.3
@@ -43,7 +43,7 @@ unmounted using a call to
.BR security_disable (3).
Therefore, after the initial policy load, the only operational changes
are those permitted by
-.BR setenforce (3)
+.BR security_setenforce (3)
(i.e. eventually setting the framework in permissive mode rather than
in enforcing one).
.
@@ -54,4 +54,4 @@ Returns zero on success or \-1 on error.
This manual page has been written by Guido Trentalancia <guido@trentalancia.com>
.
.SH "SEE ALSO"
-.BR selinux "(8), " security_disable "(3), " setenforce "(1)
+.BR selinux "(8), " security_disable "(3), " setenforce "(8)
diff --git a/libselinux/man/man3/selinux_policy_root.3 b/libselinux/man/man3/selinux_policy_root.3
index a6ccf866..63dc9010 100644
--- a/libselinux/man/man3/selinux_policy_root.3
+++ b/libselinux/man/man3/selinux_policy_root.3
@@ -1,21 +1,34 @@
.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SELinux API documentation"
.SH "NAME"
selinux_policy_root \- return the path of the SELinux policy files for this machine
+selinux_set_policy_root \- Set an alternate SELinux root path for the SELinux policy files for this machine.
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.B const char *selinux_policy_root(void);
.
+.sp
+.B int selinux_set_policy_root(const char *policypath);
+.
.SH "DESCRIPTION"
.BR selinux_policy_root ()
reads the contents of the
.I /etc/selinux/config
file to determine which policy files should be used for this machine.
.
+.BR selinux_set_policy_root ()
+sets up all all policy paths based on the alternate root
+
+.I /etc/selinux/config
+file to determine which policy files should be used for this machine.
+.
.SH "RETURN VALUE"
-On success, returns a directory path containing the SELinux policy files.
-On failure, NULL is returned.
+On success, selinux_policy_root returns a directory path containing the SELinux policy files.
+On failure, selinux_policy_root returns NULL.
+
+On success, selinux_set_policy_root returns 0 on success -1 on failure.
+
.
.SH "SEE ALSO"
.BR selinux "(8)"
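Review bot: The new DESCRIPTION paragraph for selinux_set_policy_root() never states what the call does with `policypath`. The fragment "sets up all all policy paths based on the alternate root" is followed by a blank line and a copy of the `/etc/selinux/config` sentence from selinux_policy_root(), so it reads as though the setter also consults that file. Because this function changes where policy files are looked up, the page should state the contract directly, for example `sets the policy root to policypath; all other policy paths are then derived from it`, provided that matches the implementation, which is not visible in this diff. The RETURN VALUE line "On success, selinux_set_policy_root returns 0 on success -1 on failure." contradicts itself and should read `selinux_set_policy_root returns 0 on success and \-1 on failure.`. The second NAME entry also runs on from the first with no separator, and the blank source lines added in both sections would be better written as `.sp` or `.PP`.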
diff --git a/libselinux/man/man8/getenforce.8 b/libselinux/man/man8/getenforce.8
index 906279fb..e0924d8f 100644
--- a/libselinux/man/man8/getenforce.8
+++ b/libselinux/man/man8/getenforce.8
@@ -1,4 +1,4 @@
-.TH "getenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "getenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
getenforce \- get the current mode of SELinux
.
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index a3288661..e89b1eff 100644
--- a/libselinux/man/man8/selinux.8
+++ b/libselinux/man/man8/selinux.8
@@ -37,20 +37,22 @@ The
configuration file also controls what policy
is active on the system. SELinux allows for multiple policies to be
installed on the system, but only one policy may be active at any
-given time. At present, two kinds of SELinux policy exist: targeted
-and strict. The targeted policy is designed as a policy where most
-processes operate without restrictions, and only specific services are
+given time. At present, multiple kinds of SELinux policy exist: targeted,
+mls for example. The targeted policy is designed as a policy where most
+user processes operate without restrictions, and only specific services are
placed into distinct security domains that are confined by the policy.
For example, the user would run in a completely unconfined domain
while the named daemon or apache daemon would run in a specific domain
-tailored to its operation. The strict policy is designed as a policy
-where all processes are partitioned into fine-grained security domains
-and confined by policy. It is anticipated in the future that other
-policies will be created (Multi-Level Security for example). You can
+tailored to its operation. The MLS (Multi-Level Security) policy is designed
+as a policy where all processes are partitioned into fine-grained security
+domains and confined by policy. MLS also supports the Bell And LaPadula model, where processes are not only confined by the type but also the level of the data.
+
+You can
define which policy you will run by setting the
.B SELINUXTYPE
environment variable within
.IR /etc/selinux/config .
+You must reboot and possibly relabel if you change the policy type to have it take effect on the system.
The corresponding
policy configuration for each such policy must be installed in the
.I /etc/selinux/{SELINUXTYPE}/
@@ -58,7 +60,7 @@ directories.
A given SELinux policy can be customized further based on a set of
compile-time tunable options and a set of runtime policy booleans.
-.B \%system\-config\-securitylevel
+.B \%system\-config\-selinux
allows customization of these booleans and tunables.
Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy.
@@ -86,11 +88,13 @@ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.nh
.BR booleans (8),
.BR setsebool (8),
-.BR selinuxenabled (8),
+.BR sepolicy (8),
+.BR system-config-selinux (8),
.BR togglesebool (8),
.BR restorecon (8),
+.BR fixfiles (8),
.BR setfiles (8),
-.BR semange (8),
+.BR semanage (8),
.BR sepolicy(8)
Every confined service on the system has a man page in the following format:
diff --git a/libselinux/man/man8/selinuxenabled.8 b/libselinux/man/man8/selinuxenabled.8
index e0b52012..ac20587b 100644
--- a/libselinux/man/man8/selinuxenabled.8
+++ b/libselinux/man/man8/selinuxenabled.8
@@ -1,4 +1,4 @@
-.TH "selinuxenabled" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "selinuxenabled" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
selinuxenabled \- tool to be used within shell scripts to determine if selinux is enabled
.
diff --git a/libselinux/man/man8/selinuxexeccon.8 b/libselinux/man/man8/selinuxexeccon.8
index 765cf8c6..30c20ed8 100644
--- a/libselinux/man/man8/selinuxexeccon.8
+++ b/libselinux/man/man8/selinuxexeccon.8
@@ -1,4 +1,4 @@
-.TH "selinuxexeccon" "1" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "selinuxexeccon" "8" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
selinuxexeccon \- report SELinux context used for this executable
.
diff --git a/libselinux/man/man8/setenforce.8 b/libselinux/man/man8/setenforce.8
index b038da00..8a24f1ce 100644
--- a/libselinux/man/man8/setenforce.8
+++ b/libselinux/man/man8/setenforce.8
@@ -1,4 +1,4 @@
-.TH "setenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "setenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
setenforce \- modify the mode SELinux is running in
.
diff --git a/libselinux/man/man8/togglesebool.8 b/libselinux/man/man8/togglesebool.8
index 948aff17..598dc942 100644
--- a/libselinux/man/man8/togglesebool.8
+++ b/libselinux/man/man8/togglesebool.8
@@ -1,4 +1,4 @@
-.TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation"
+.TH "togglesebool" "8" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
togglesebool \- flip the current value of a SELinux boolean
.